If you think the biggest threat to the security of your member data comes from offshore hackers pounding away at your firewall, think again. Intrusion prevention technology has evolved to the point where, when maintained properly, it is highly effective at keeping the bad guys out. So how are they getting in? Why is it that major data breaches have become commonplace in the headlines?
The leading cause of data breaches is employee negligence, according to a study released this month by BakerHostetler, one of the largest law firms in the world. The study, titled The BakerHostetler Data Security Incident Response Report 2015, claims that of the cases examined, 37 percent of all data breaches were primarily the result of employee negligence. Coming in second place, at 22 percent, was external theft of a device.
The FFIEC IT Examination Handbook has included a requirement for “user education in awareness, safe computing practices, indicators of malicious code, and response actions” since 2006. Credit unions are reporting that examiners are putting more emphasis on this now than ever before, for obvious reasons. Your next data breach is as close as one mouse-click by a careless employee.
In one now infamous and clever incident, hackers were intent on penetrating the systems of a large oil company, but were having difficulty. So they shifted their attention to hacking the online menu of a Chinese restaurant next door to the company headquarters. They planted malware on the menu. One click on the bogus link by one oil company employee was all it took to get them in.
It's important to realize that the information hackers need to set up a scam is readily available. For example, LinkedIn, while a valuable business tool, also provides cyber criminals with a handy if not complete list of your credit union's employees.
A hacker could, in theory, find the names of both your IT director and a teller and, with a little more Googling, determine both their email addresses. Then said hacker could send the teller an email with a malware-infected attachment that appears to be from the IT director. That teller, if not properly trained in the detection of such email attacks, would very likely open the attachment—which would appear to be exactly what the email claimed it to be—and send the malware off on its merry way through your network and its servers.
The math is simple. If 37 percent of data breaches are attributable to employee negligence, 37 percent of data breaches are preventable through better employee education. The key here is not treating employee cyber-security education as just another box to check off on a list. Invest in the tools to ensure that your employees have up-to-date and accurate information, and then test those employees to ensure that the information you provide is really being used.
Do that and you can sleep quite comfortably at night knowing that your credit union won't be featured in the next big data breach headline.
© 2024 ALM Global, LLC, All Rights Reserved.